128 sats \ 0 replies \ @niftynei OP 4 Jan \ parent \ on: waxwing commentary on twist attacks + bitcoin’s curve bitdevs
The privatekey -> pubkey function is “fine”. It isn’t a vector for being subjected to a twist attack.
The pubkey you get back from this function will be on the curve as it’s internally munged to be. The risk is that it won’t “match” the private key that you provided.
The attack specifically requires you not to verify a pubkey you’ve been given is on the curve.
Technically, yes 😂 in this case the bug is the library is not living up to its name 🤷